Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Microsoft Defender
How to prevent efficiently Defender from considering a given VBS script as containing a threat
Message
<blockquote data-quote="LaurentG" data-source="post: 935329" data-attributes="member: 91050"><p>OK, thanks for your answer.</p><p>Like in your own testing, in my case also Defender often did not show the alert on AMSI based detections, only sometimes (I'd say once out of 3 or 4)</p><p></p><p>And when it's the case, I got the same messages (except they're in french <img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite110" alt=";)" title="Wink ;)" loading="lazy" data-shortname=";)" />).</p><p></p><p>If you allow (as shown in your screen copy), what I understand <u><strong><u>and what I experimented</u> </strong></u>is that<strong> after excluding this detection, this threat will be allowed for other scripts. </strong></p><p>While you write (in the other thread) : <u><em><u>it does not mean</u></em></u><strong><em><strong> that after excluding this detection, the blocked script code (like "Wshshell.run") </strong></em></strong><em><u>will be allowed</u> for other scripts</em><strong><em><strong>.</strong></em></strong><em> <u>It is an important feature because otherwise, such exclusions would decrease the protection.</u></em></p><p></p><p><strong>I fully agree with your conclusion about decrease of protection that could generate.... </strong></p><p></p><p>So the (<strong><u>very important</u></strong>) question is :</p><p>If we exclude the threat (as you show it just above, and as I did it), <u><strong><u>will this threat Trojan:VBS/Mountsi.A!ml be allowed for other scripts ?</u></strong></u></p><p></p><p>As I write above, my personal experience is that the answer is Yes (after allowing it, I <u><strong>never </strong></u>got it anymore, not only running the original script, but even in slightly modified copies of the original script, that BOTH raised this detection before allowing the threat, until I remove the allowance/Exclusion).</p><p>And if I'm right, as you say "such exclusions would decrease the protection."</p><p></p><p>But maybe I'm wrong ? <strong>Are you sure that this exclusion do not have such consequence ?</strong></p><p><strong></strong></p><p><strong>Thanks in advanced for your advice !</strong></p></blockquote><p></p>
[QUOTE="LaurentG, post: 935329, member: 91050"] OK, thanks for your answer. Like in your own testing, in my case also Defender often did not show the alert on AMSI based detections, only sometimes (I'd say once out of 3 or 4) And when it's the case, I got the same messages (except they're in french ;)). If you allow (as shown in your screen copy), what I understand [U][B][U]and what I experimented[/U] [/B][/U]is that[B] after excluding this detection, this threat will be allowed for other scripts. [/B] While you write (in the other thread) : [U][I][U]it does not mean[/U][/I][/U][B][I][B] that after excluding this detection, the blocked script code (like "Wshshell.run") [/B][/I][/B][I][U]will be allowed[/U] for other scripts[/I][B][I][B].[/B][/I][/B][I] [U]It is an important feature because otherwise, such exclusions would decrease the protection.[/U][/I] [B]I fully agree with your conclusion about decrease of protection that could generate.... [/B] So the ([B][U]very important[/U][/B]) question is : If we exclude the threat (as you show it just above, and as I did it), [U][B][U]will this threat Trojan:VBS/Mountsi.A!ml be allowed for other scripts ?[/U][/B][/U] As I write above, my personal experience is that the answer is Yes (after allowing it, I [U][B]never [/B][/U]got it anymore, not only running the original script, but even in slightly modified copies of the original script, that BOTH raised this detection before allowing the threat, until I remove the allowance/Exclusion). And if I'm right, as you say "such exclusions would decrease the protection." But maybe I'm wrong ? [B]Are you sure that this exclusion do not have such consequence ? Thanks in advanced for your advice ![/B] [/QUOTE]
Insert quotes…
Verification
Post reply
Top
